Session timeout policies give admins the control to set session duration limits for both inactivity and maximum session time, automatically logging out users when necessary. These settings reduce the risk of unauthorized access and protect the overall security of your account.

• Note: Custom session timeout policies are available for Enterprise plans.
• Note: Custom session timeout policies customization is available for Superpower plans.

Set session timeout policies

When updating the session timeout policy, the changes will take effect after each user's next session timeout, based on your current policy. 2FA will be required to log in again. To apply the policy and enforce a logout immediately, see Log out all sessions

Note:

• The session timeout policies apply to web app sessions only, and not mobile app sessions.
• Admin permissions are required to customize the session timeout policy.

To set session timeout policies:

1. Go to Admin > Users and security > Security and authentication. 

The Security and authentication page appears.

2. Click Session timeout policy to expand it.

3. Select the session duration limits for each policy.

• Inactive session timeout: Log out users after they have been inactive in Atera for the selected amount of time. This policy can be set between 60 minutes to 24 hours (default setting), or to never time out.
• Enforced session timeout: Log out users after the selected amount of time, regardless of inactivity. This policy can be set between 2 to 30 days (7 days is the default setting).

4. Click Save.

Note: The new policy will take effect after each user's next session timeout, based on your current policy. 2FA will be required to log in again. To apply the policy and enforce a logout immediately, see Log out all sessions